Post on 29-Sep-2020
Application Note
OpenVPN Client with x.509 certificates
Document Name: Application Note
Version: /v.1.0.0
Date: 2014-06-11
Status: /Confidential
DocID: /RT_AN005_OpenVPN Client with x.509 certificates
www.robustel.com
OpenVPN Client with x.509 certificates
1
Contents
Chapter 1. Introduction ...................................................................................................................................... 2
1.1 Overview........................................................................................................................................... 2
1.2 Assumptions ..................................................................................................................................... 2
1.3 Rectifications .................................................................................................................................... 2
1.4 File Version ....................................................................................................................................... 2
Chapter 2. Application Topology ........................................................................................................................ 4
Chapter 3. Configuration .................................................................................................................................... 5
3.1 OpenVPN Installation on Windows ................................................................................................... 5
3.2 Certificates Management for OpenVPN ............................................................................................ 9
3.2.1 Certificate about OpenVPN ............................................................................................................... 9
3.2.2 Generate certificates for OpenVPN server and multiple clients ...................................................... 10
3.3 Windows OpenVPN Server Configuration ....................................................................................... 15
3.3.1 Open and Edit the server.ovpn file .................................................................................................. 15
3.4 R3000 Configuration ....................................................................................................................... 22
3.4.1 Configure Link Management ........................................................................................................... 22
3.4.2 Configure Cellular WAN .................................................................................................................. 23
3.4.3 Configure LAN IP address ................................................................................................................ 24
3.4.4 OpenVPN client Configuration ........................................................................................................ 24
Chapter 4. Testing............................................................................................................................................. 29
4.1 Cellular Status ................................................................................................................................. 29
4.2 Running the OpenVPN software in Windows OS ............................................................................ 29
4.3 VPN Status and Communication ..................................................................................................... 30
4.4 Testing at OpenVPN server ............................................................................................................. 31
4.5 Event/log ........................................................................................................................................ 33
Chapter 5. Appendix ......................................................................................................................................... 34
5.1 Firmware Version ............................................................................................................................ 34
5.2 OpenVPN software Version............................................................................................................. 34
OpenVPN Client with x.509 certificates
2
Chapter 1. Introduction
1.1 Overview
OpenVPN is an open source project with the GPL license agreement, complete solution characteristics of SSL VPN,
can provide solutions which contain the VPN between site-to-site, WIFI security and enterprise remote access.
OpenVPN permit to establish VPN that use the pre-shared key, the third party certificate or username/password to
authenticate.
This application note is written for customer who has good understanding Robustel products and experienced with
OpenVPN. It shows customer how to configure and test the OpenVPN between the R3000 and Windows OpenVPN
server through the cellular network.
1.2 Assumptions
OpenVPN feature has been fully test and this Application Note is written by technically competent engineer who is
familiar with Robustel products and the application requirement.
This Application Note is basing on:
Product Model: Robustel GoRugged R3000 industrial cellular VPN router.
Firmware Version: R3000_S_V1.01.01.fs.
Software required: OpenVPN 2.2.2
Configuration: This Application Note assumes the Robustel products are set to factory default. Most configure
steps are only shown if they are different from the factory default settings. The Internet is connecting and there
is no firewall feature enable.
R3000’s cellular WAN could be dynamic or static, public or “private with NAT” IP address. OpenVPN is certificate
based, we using x.509 certificate for authentication at this application. A PC will be install the OpenVPN Easy-RSA
certificate authority and create & sign the certificates. Any Easy-RSA is free and simple to use.
1.3 Rectifications
Appreciate for the corrections and Rectifications to this Application Note, and if there are requests for new
Application Notes please also send to email address: support@robustel.com .
1.4 File Version
Updates between document versions are cumulative. Therefore, the latest document version contains all updates
made to previous versions.
OpenVPN Client with x.509 certificates
3
Release Date Firmware Version Details
2014-06-11 V1.01.01 First Release
OpenVPN Client with x.509 certificates
4
Chapter 2. Application Topology
1. The PC run as OpenVPN server should have a fixed public IP address and open the specify port of OpenVPN.
2. Another R3000 works on wireless network with any kind of IP which can access internet and ping the WAN IP
address of OpenVPN server successfully.
3. OpenVPN tunnel established between server and client. Multiple OpenVPN clients can connect to the same
OpenVPN server.
Note: if OpenVPN server behind a Gateway Router, the Router must open the port of 1194 and port forwarding to the
internal server. 1194 is the default port number for OpenVPN negotiation.
OpenVPN Client with x.509 certificates
5
Chapter 3. Configuration
3.1 OpenVPN Installation on Windows
This step should be done on a PC that will be used to create certificates, this can be the OpenVPN server. The
download is available from: http://openvpn.net/index.php
1. Download the release of the Windows installer. Run the installation program.
2. License Agreement.
OpenVPN Client with x.509 certificates
6
3. Select all the options by default.
OpenVPN Client with x.509 certificates
7
4. Select the installation path. Save in default Destination Folder.
5. The installation schedule.
OpenVPN Client with x.509 certificates
8
6. Agree to install the TAP-Win32 network adapter.
7. The installation will be completed.
8. Click “Finish” button and complete the installation.
OpenVPN Client with x.509 certificates
9
3.2 Certificates Management for OpenVPN
3.2.1 Certificate about OpenVPN
The first step in building an OpenVPN is to establish a PKI (public key infrastructure). The PKI consists of:
a separate certificate (also known as a public key) and private key for the server and each client.
a master Certificate Authority (CA) and private key which is used to sign certificates for each server and client.
OpenVPN supports bidirectional authentication based on certificates, it means that client must authenticate the
server’s certificate and the server must authenticate client’s certificate before tunnel is established.
Both server and client will authenticate the presented certificate firstly, which was signed by the master certificate
authority (CA), and then by testing information in the now-authenticated certificate header, such as the certificate
common name or certificate type (client or server).
The features of OpenVPN:
The server only concern its own certificate/key -- it has no need to know the individual certificates of each client.
The server will only accept clients whose certificates were signed by the master CA certificate. Because the
server can perform this signature verification without needing access to the CA private key itself. We could place
the CA key (the most sensitive key in the entire PKI) to a completely different machine without Internet access.
If a private key is compromised and not security any more, the private key could be disqualified by using CRL
(certificate revocation list). The CRL disable the compromised certificates and no need to rebuilt the entire PKI.
The server can enforce client-specific access rights based on client’s certificates, such as the Common Name.
OpenVPN Client with x.509 certificates
10
3.2.2 Generate certificates for OpenVPN server and multiple clients
In this section we will generate a master CA certificate/key, one server certificate/key and one client certificate/key.
1. For PKI management, we could pre-set the scripts bundled with OpenVPN. On Windows, open up a Command
line interface and cd to C:\Program Files\OpenVPN\easy-rsa.
2. Run the init-config.bat to copy configuration files into place(this command would overwrite the previous vars.bat
and openssl.cnf files).
3. Edit the vars.bat and set the KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL parameters and so
on. Don't leave any blank in this part.
OpenVPN Client with x.509 certificates
11
4. Run the following commands to initialize the environment.
5. The command(build-ca.bat) will build the certificate authority(CA) certificate and key by invoking the interactive
openssl command.
OpenVPN Client with x.509 certificates
12
Note: in the above sequence, most queried parameters were defaulted to the values set in the vars.bat file. The only
parameter which must be explicitly entered is the Common Name.
6. Generate a certificate and private key for server, using build-key-server.bat Server01. When the Common Name
is queried, please enter “Server01”.
OpenVPN Client with x.509 certificates
13
Note: Server01 in “build-key-server.bat Server01” is the file name of certificate(the name of public key and private
key).
OpenVPN Client with x.509 certificates
14
7. Generate a certificate and private key for client.
Note: Client01 in “build-key-server.bat Client01” is the file name of certificate(the name of public key and private
key). Always use a unique common name for each client.
OpenVPN Client with x.509 certificates
15
8. Generate Diffie Hellman parameters.
9. Now, you can see the newly-generated keys and certificates in the easy-rsa\keys subdirectory.
3.3 Windows OpenVPN Server Configuration
The following steps explain the configuration that needs to be done on the Windows OpenVPN Server.
3.3.1 Open and Edit the server.ovpn file
1. Copy the required files to the OpenVPN server configuration directory.
OpenVPN Client with x.509 certificates
16
Path: C:\Program Files\OpenVPN\config
2. To assign specific IP addresses to specific clients or if a connecting client has a private subnet behind it that
should also have VPN access, use the subdirectory "ccd" for client-specific configuration files Add a new folder
name “ccd”, then create a new notepad and rename it without suffix.
Note: ”Client01” is the Common Name pre-defined in the certificate but not the file name.
3. Edit this notepad and save it.
Note: 192.168.1.0/24 is the subnet behind R3000.
OpenVPN Client with x.509 certificates
17
4. The configuration of the server.ovpn.
Note: These red following have been changed from the sample configure defaults. And the extra comments are in
blue.
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients <-> one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine <-> single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with '#' or ';' #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
local 202.96.1.100
# OpenVPN working in Server mode,
# can support multiple client dynamic access at the same time.
mode server
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
# TCP or UDP server?
;proto tcp
proto udp
OpenVPN Client with x.509 certificates
18
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Maximum Transmission Unit for OpenVPN tunnel.
# It is the identifier of the maximum size of packet,
# which is possible to transfer in a given environment.
tun-mtu 1500
# If you have fragmentation issues or misconfigured
# routers in the path which block Path MTU discovery,
# lower the TCP MSS and internally fragment non-TCP
# protocols.
fragment 1500
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca ca.crt
cert Server01.crt
OpenVPN Client with x.509 certificates
19
key Server01.key # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh1024.pem 1024
# Substitute 2048 for 1024 if you are using
# 2048 bit keys.
dh dh1024.pem
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt
# Configure server mode for ethernet bridging.
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
push "route 192.168.3.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
OpenVPN Client with x.509 certificates
20
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
client-config-dir ccd
route 192.168.1.0 255.255.255.0
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
;tls-auth ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
max-clients 100
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
OpenVPN Client with x.509 certificates
21
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nobody
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log openvpn.log
;log-append openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
OpenVPN Client with x.509 certificates
22
3.4 R3000 Configuration
3.4.1 Configure Link Management
1. Install antenna, insert SIM card to R3000 -> power on R3000 and login R3000’s Web GUI page.
Note: Factory Settings when login Web GUI
Item Description
Username admin
Password admin
Eth0 192.168.0.1/255.255.255.0, LAN mode
Eth1 192.168.0.1/255.255.255.0, LAN mode
DHCP Server Enabled.
2. Browse to “Configuration”-> “Link Management”.
Click the drop-down box of “Primary Interface” and select “Cellular”.
Click “Apply”.
Item Description Setting
Primary Interface Select “Cellular”, “Eth0”, “WiFi” as the primary connection
interface. Cellular
OpenVPN Client with x.509 certificates
23
3.4.2 Configure Cellular WAN
1. Browse to “Configuration”-> “Cellular WAN”-> “ISP Profile”.
Click “Add” to enter the APN (Access Point Name) and Dialup No. for each ISP.
If required please enter Username and Password in the appropriate fields.
Click “Apply”.
Note: Usually APN, Username, Password and Dialup No. are provided by ISP accordingly.
Item Description Setting
ISP Enter relevant ISP network name Enter accordingly
APN Enter correct APN for the network Enter accordingly
Username Enter correct Username for the network Enter accordingly
Password Enter correct Password for the network Enter accordingly
Dialup No. Enter correct Dialup No. for the network Enter accordingly
2. Browse to “Configuration”-> “Cellular WAN”-> “Basic”.
In region “Cellular Settings”. Click the drop-down box of “Network Provider Type” of SIM card and select the
correct “ISP” that you configure in “Configuration”-> “Cellular WAN”-> “ISP Profile”.
If required please enter PIN number for the SIM in “PIN Type”.
In region “Connection Mode”. Click the drop-down box of “Connection Mode” to select the connection mode
accordingly. “Always Online” mode is selected in this Application Note.
Click “Apply”.
Item Description Setting
Network Provider
Type
Select from “Auto”, “Custom” or the ISP name you
preset in “Configuration”->”Cellular WAN”->”ISP
Profile”.
Enter accordingly
Connection Mode Select the connection mode when R3000 dial up to
get access to Internet. Always Online
OpenVPN Client with x.509 certificates
24
3.4.3 Configure LAN IP address
1. Browse to “Configuration”-> “Ethernet”-> “Eth1”.
Set IP address and netmask of Eth1 accordingly.
Click “Apply”.
Note: Eth0 works under bridge mode with Eth1 by default settings. Eth0 and Eth1 will share the Eth1’s IP address
under bridge mode.
Item Description Setting
IP Address Set the IP address of Eth1 Enter accordingly
NetMask Set the Netmask of Eth1 Enter accordingly
MTU Set the MTU of Eth1 1500
Media Type Set the Media Type of Eth1 Auto-negotiation
3.4.4 OpenVPN client Configuration
The following sections relate to the Open VPN parameters.
1. Browse to “Configuration”-> “OpenVPN”-> “Client”. Click “Add”.
OpenVPN Client with x.509 certificates
25
2. Client Panel, configure the parameters that match OpenVPN server side, then click “Apply”.
Item Description Setting
Enable Enable OpenVPN Client, the max tunnel account is
3 Enable
Protocol Select from “UDP” and “TCP Client” which depends
on the application. Select accordingly
Remote IP Address Enter the remote IP address or domain name of
remote side OpenVPN server. Enter accordingly
Port Enter the listening port of remote side OpenVPN
server. Enter accordingly
Interface Select from “tun” and “tap” which are two
different kinds of device interface for OpenVPN. Select accordingly
Authentication
Select from four different kinds of authentication
ways: “Pre-shared”, “Username/Password”, “X.509
cert” and “X.509 cert+user”.
Select accordingly
Local IP Define the local IP address of OpenVPN tunnel. Enter accordingly
Remote IP Define the remote IP address of OpenVPN tunnel. Enter accordingly
Enable NAT Tick to enable SNAT for OpenVPN. Enable
Ping Interval Set ping interval to check if the tunnel is active. Enter accordingly
Ping -Restart Restart to establish the OpenVPN tunnel if ping
always timeout during this time. Enter accordingly
Compression Select “LZO” to use the LZO compression library to
compress the data stream. Select accordingly
Encryption Select from “BF-CBC”, “DES-CBC”, “DES-EDE3-CBC”,
“AES128-CBC”, “AES192-CBC” and “AES256-CBC”. Select accordingly
MTU
Maximum Transmission Unit. It is the identifier of
the maximum size of packet, which is possible to
transfer in a given environment.
Enter accordingly
Max Frame Size Set the Max Frame Size for transmission. Enter accordingly
Verbose Level
Select the log output level which from low to high:
“ERR”, “WARNING”, “NOTICE” and “DEBUG”. The
higher level will output more log information.
Select accordingly
Expert Options
You can enter some other PPP initialization strings
in this field. Each string can be separated by a
space.
Null
Subnet&Subnet
Mask@Local Route Set the subnet and subnet Mask of local route. Enter accordingly
OpenVPN Client with x.509 certificates
26
3. Import the certificate for OpenVPN.
Browse to “Configuration”-> “OpenVPN”-> “X.509”.
Item Description Setting
Select Cert Type Select the OpenVPN client or server which the
certificate used for. Select accordingly
CA
Click “Browse” to select the correct CA file from
your PC, and then click “Import” to import it to the
router.
Click “Export” you can export the CA file from
router to your PC.
Select accordingly
Public Key
Click “Browse” to select the correct Public Key file
from your PC, and then click “Import” to import it
to the router.
Click “Export” you can export the Public Key A file
from router to your PC.
Select accordingly
Private Key
Click “Browse” to select the correct Private Key file
from your PC, and then click “Import” to import it
to the router.
Click “Export” you can export the Private Key file
from router to your PC.
Select accordingly
DH Click “Browse” to select the correct DH A file from
your PC, and then click “Import” to import it to the Null
OpenVPN Client with x.509 certificates
27
router.
Click “Export” you can export the DH file from
router to your PC.
TA
Click “Browse” to select the correct TA file from
your PC, and then click “Import” to import it to the
router.
Click “Export” you can export the TA file from
router to your PC.
Null
CRL
Click “Browse” to select the correct CRL file from
your PC, and then click “Import” to import it to the
router.
Click “Export” you can export the CRL file from
router to your PC.
Null
Pre-Share Static Key
Click “Browse” to select the correct Pre-Share
Static Key file from your PC, and then click “Import”
to import it to the router.
Click “Export” you can export the Pre-Share Static
Key file from router to your PC.
Null
4. Import the certificate, select Cert Type for Client_1 and click the “browse”.
5. Select the ca.crt, Client01.crt and Client01.key with path C:\Program Files\OpenVPN \easy-rsa\keys
OpenVPN Client with x.509 certificates
28
Note: While we using x.509 certificate for authentication, CA, public key and private key for client is required.
6. Click the “Import” button and you could check the status of CA.
7. “OK” means that the certificates have been imported successfully. Then click “Save”->”Reboot”.
OpenVPN Client with x.509 certificates
29
Chapter 4. Testing
4.1 Cellular Status
1. Browse to “Status”-> “System”->“Current WAN Link” and “Cellular Information”.
Check that R3000 has dial up to get IP address and get access to the Internet.
4.2 Running the OpenVPN software in Windows OS
1. Run the OpenVPN software.
OpenVPN Client with x.509 certificates
30
2. You could check the OpenVPN icon in the system tray.
3. Double click the icon, when the OpenVPN server has successfully started, the icon will turn green and prompt a
notification with the assigned IP address.
This server will now wait for OpenVPN clients connection.
4.3 VPN Status and Communication
1. Browse to “Status”-> “VPN” ->“OpenVPN”.
Check that R3000 has established OpenVPN tunnel with Server side.
Check the virtual tunnel on Route table. Browse to “Status”-> “Route”.
Browse to “Administration”-> “Tools” and “Ping”.
Ping virtual IP of OpenVPN tunnel and got ICMP reply from OpenVPN server.
OpenVPN Client with x.509 certificates
31
Browse to “Administration”-> “Tools” and “Ping”.
Ping LAN IP address behind OpenVPN server and got ICMP reply from remote subnet.
4.4 Testing at OpenVPN server
1. Running the CLI and type “route print” command to check the route-table in Windows 7.
OpenVPN Client with x.509 certificates
32
2. There is remote subnet 192.168.1.0/24 via OpenVPN tunnel.
3. Ping LAN IP address behind R3000 and got ICMP reply from remote subnet.
OpenVPN Client with x.509 certificates
33
4.5 Event/log
Event/Log shows running process and status of R3000.
Note: Usually you can check the Event/Log file in “Status”-> “Event/Log”.
……
14-06-06 11:14:14 <0> router: system service starting...
14-06-06 11:14:18 <0> router: openvpn client 0 start up.
14-06-06 11:14:18 <1> OpenVPN: OpenVPN 2.2.2 arm-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Nov 19 2013
14-06-06 11:14:18 <3> OpenVPN: WARNING: No server certificate verification method has been enabled. See
http://openvpn.net/howto.html#mitm for more info.
14-06-06 11:14:18 <3> OpenVPN: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined
scripts or executables
14-06-06 11:14:18 <3> OpenVPN: WARNING: file '/cfg/x509/openvpn/client_0/client.key' is group or others
accessible
14-06-06 11:14:18 <1> OpenVPN: LZO compression initialized
14-06-06 11:14:18 <1> OpenVPN: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
14-06-06 11:14:18 <1> OpenVPN: UDPv4 link local: [undef]
14-06-06 11:14:18 <1> OpenVPN: UDPv4 link remote: 202.96.1.100:1194
14-06-06 11:14:18 <1> OpenVPN: [Server01] Peer Connection Initiated with 202.96.1.100:1194
14-06-06 11:14:21 <1> OpenVPN: TUN/TAP device tun0 opened
14-06-06 11:14:21 <1> OpenVPN: /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
14-06-06 11:14:21 <3> OpenVPN: ERROR: Linux route add command failed: external program exited with error status:
1
14-06-06 11:14:21 <1> OpenVPN: GID set to root
14-06-06 11:14:21 <1> OpenVPN: UID set to root
14-06-06 11:14:21 <1> OpenVPN: Initialization Sequence Completed
……
OpenVPN Client with x.509 certificates
34
Chapter 5. Appendix
5.1 Firmware Version
The configuration above was tested on R3000 with firmware version R3000_S_V1.01.01.fs.
5.2 OpenVPN software Version
The software version of OpenVPN is version 2.2.2.